The quick, bad and dirty way to automate SSH jump connections.

As you probably know, in many setups the hosts are not directly accessible. Instead there is an SSH gateway in between (also known as a bastion server), which has security enhancements and is configured to allow or disallow access based on IP filtering.

The manual way

to connect to a host over an SSH gateway is to use the -J parameter, which defines the gateway.

But this is unproductive, because you have to type a lot each time you want to connect to a host: usernames, the gateway IP addresses, etc.

The good and correct way

to do this is to create entries in the ssh_config file like this!

But this way has a managerial problem: it needs initial configuration and it needs maintenance to stay up to date. This is OK in a small-scale environment or for an organization that has a dedicated team to maintain it, but it can backfire and cause access problems, which can lead to more serious problems that are hard to track down in an emergency.

The quick and dirty way

You can avoid any configuration and use some “shell script magic”. The only configuration you need to apply is the list of SSH gateway servers. The script checks whether the server you want to connect to is accessible through one of the SSH gateways and, if it is, establishes the connection. You can also pass any parameters that you would normally pass to an SSH command.

Parameters:

  • host_username: the username that will be used to connect to the remote server
  • gw_username: the username that will be used to connect to the SSH gateway
  • use_ssh_pass: if “true”, the script will read the SSH password from a file in ~/pass (very bad practice)
  • gw: the list of SSH gateway servers
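A minimal sketch of the gateway-probing approach described above, as an added example that is not the author's script: it keeps the host_username, gw_username and gw settings but leaves out use_ssh_pass and relies on key-based authentication. The addresses, user names and function names are constructed placeholders, and the first argument is assumed to be the target host.

```shell
#!/bin/sh
# Added example, not the original script. All values below are constructed.
GATEWAYS="${GATEWAYS:-198.51.100.10 198.51.100.11}"  # gw: SSH gateway list
GW_USER="${GW_USER:-jumpuser}"                       # gw_username
HOST_USER="${HOST_USER:-admin}"                      # host_username

# probe GW HOST: succeeds if HOST can be reached through GW.
# BatchMode makes ssh fail instead of prompting, so only key/agent auth is used;
# -n keeps the probe from consuming stdin; ConnectTimeout bounds each attempt.
probe() {
    ssh -n -o BatchMode=yes -o ConnectTimeout=5 \
        -J "$GW_USER@$1" "$HOST_USER@$2" true 2>/dev/null
}

# pick_gateway HOST: print the first gateway that reaches HOST, else return 1.
# The body is a subshell, so the loop variable does not leak to the caller.
pick_gateway() (
    for gw in $GATEWAYS; do
        if probe "$gw" "$1"; then
            printf '%s\n' "$gw"
            exit 0
        fi
    done
    exit 1
)

# jump_ssh HOST [args...]: connect through the first working gateway.
# Everything after HOST is handed to ssh unchanged (e.g. a remote command).
jump_ssh() {
    target=$1; shift
    gw=$(pick_gateway "$target") || {
        echo "no gateway in [$GATEWAYS] reaches $target" >&2
        return 1
    }
    ssh -J "$GW_USER@$gw" "$HOST_USER@$target" "$@"
}

# Run only when called with arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || jump_ssh "$@"
```

Each unreachable gateway costs up to one ConnectTimeout before the next is tried, which is the sequential slowdown the usage section mentions.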

How to install the script

Execution rights are needed for this script, and it is a good idea to place it in a directory that is on your PATH.

How to use the script

You can use it like the normal ssh command, but connecting will be significantly slower because it tries the SSH gateways in sequence. Once connected, it works like normal SSH.

You can even pass commands, as with the usual ssh.

I really hope that you will not need such an ugly hack, but in real life we often need a compromise between best practices and effectiveness.

Written by

DevOps engineer, loves Linux, Python, cats and Amiga computers
